cestoliv, 3 years ago - Thu. Sept. 23, 2021
Cap - HackTheBox Machine
Analyzing captured traffic in Wireshark reveals FTP credentials. A simple Python privilege escalation then gives us control of the machine.
- Platform: HackTheBox
- System: Linux
- Difficulty: Easy
- Goal: Find a flag in the user home directory, then in the root directory
Scanning of open ports
nmap -sV -sC 10.10.10.245
# PORT STATE SERVICE VERSION
# 21/tcp open ftp vsftpd 3.0.3
# 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
# 80/tcp open http gunicor
Exploring the web server
The web server lets us download capture data that opens in Wireshark, and by manipulating the URL we reach the first recorded capture (at http://10.10.10.245/data/0).
In this Wireshark file we find Nathan's FTP traffic in clear text, including his FTP password (Buck3tH4TF0RM3!), which also lets us log in over SSH!
User own!
We land directly in Nathan's home directory, where the file user.txt contains the user flag.
The classic privilege escalation
After a few tests we manage to escalate privileges with Python:
import os
os.setuid(0) # go to root
os.system("/bin/bash") # open a bash (as root)
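For a non-root user, os.setuid(0) only succeeds when the Python process holds CAP_SETUID, for instance through a file capability on the interpreter (an assumption here; the page does not say how it was granted). The following audit is an added example, not part of the original write-up: it parses `getcap` output in both the older and newer libcap formats and flags root-equivalent grants. The sample lines and paths are constructed.

```python
import re

# Capabilities that let a process change UID/GID or bypass file permissions.
DANGEROUS = {"cap_setuid", "cap_setgid", "cap_dac_override", "cap_sys_admin"}

# Programs that run arbitrary user-supplied code: a dangerous capability
# on one of these is equivalent to handing out root.
INTERPRETERS = re.compile(r"/(python|perl|ruby|php|node|lua|bash|sh)[\d.]*$")

# getcap prints "path = caps+flags" (older libcap) or "path caps=flags" (newer).
# Paths containing spaces are not handled by this pattern.
LINE = re.compile(
    r"^(?P<path>\S+)\s+(?:=\s+)?(?P<caps>[a-z_,]+)(?P<op>[+=])(?P<flags>[eip]+)$"
)

# Constructed sample input, not taken from the machine in this write-up.
SAMPLE = """\
/usr/local/bin/python3.9 = cap_setuid,cap_net_bind_service+eip
/usr/bin/ping = cap_net_raw+ep
/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
/opt/tools/backup cap_dac_override=ep
/usr/bin/perl cap_setuid=i
"""


def audit_getcap(output):
    """Return (path, capability, severity) for each risky file capability."""
    findings = []
    for line in output.splitlines():
        m = LINE.match(line.strip())
        # Skip unparsable lines and grants that are inheritable-only:
        # without 'p' the capability is not added to the permitted set on exec.
        if not m or "p" not in m["flags"]:
            continue
        for cap in m["caps"].split(","):
            if cap in DANGEROUS:
                sev = "critical" if INTERPRETERS.search(m["path"]) else "review"
                findings.append((m["path"], cap, sev))
    return findings


if __name__ == "__main__":
    for path, cap, sev in audit_getcap(SAMPLE):
        print(f"[{sev}] {path}: {cap}")
```

On a real host, feed it the output of `getcap -r / 2>/dev/null`; `setcap -r <path>` removes a file capability that is not needed.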
System own!
This root bash shell gives us access to /root, in which we find root.txt, which contains the flag!